---
# Usage:
# Create the ssh keypair using Makefile found in images/data-sync:
# cd ../images/data-sync
# make data-sync
#
# Edit this file to mount your desired volumes
# Then launch this manifest from this directory with 'make data-sync'
# If you want more than 2 nodes kept in sync, add the service.data-sync
# label to more nodes and invoke kubectl scale.
# Headless Service (clusterIP: None) named by the StatefulSet's serviceName,
# publishing port 22 of the pods selected below.
# $SERVICE_NAME is a template placeholder substituted before the manifest is
# applied.
# NOTE(review): nothing in this file limits which workloads may connect to
# port 22; if only the sync peers should reach it, pair this Service with a
# NetworkPolicy.
apiVersion: v1
kind: Service
metadata:
  name: $SERVICE_NAME
  labels:
    app.kubernetes.io/name: $SERVICE_NAME
spec:
  clusterIP: None
  ports:
    - port: 22
      targetPort: 22
  # Must match the pod template labels of the StatefulSet in this file.
  selector:
    app.kubernetes.io/name: $SERVICE_NAME
    release: "0.1"
---
# StatefulSet running $DATA_SYNC_CLUSTER_SIZE replicas of the data-sync image.
# Each replica listens on port 22 and mounts the volumes to be kept in sync
# under /var/data-sync. All $NAME tokens are template placeholders.
#
# Review notes (nothing below changes the deployed object):
# - No securityContext is set, so cluster defaults apply. The mounts under
#   /root and /etc/ssh suggest the container runs as root - TODO confirm and
#   drop whatever privileges the image does not need.
# - automountServiceAccountToken is not set; if the workload never calls the
#   Kubernetes API, setting it to false removes an unneeded credential.
apiVersion: apps/v1
kind: StatefulSet
metadata:
  name: $SERVICE_NAME
  labels:
    app.kubernetes.io/name: $SERVICE_NAME
    release: "0.1"
spec:
  # Left unquoted on purpose: replicas has to render as an integer.
  replicas: $DATA_SYNC_CLUSTER_SIZE
  serviceName: $SERVICE_NAME
  selector:
    matchLabels:
      app.kubernetes.io/name: $SERVICE_NAME
      release: "0.1"
  template:
    metadata:
      labels:
        app.kubernetes.io/name: $SERVICE_NAME
        release: "0.1"
    spec:
      # Kept in flow form so that an empty $IMAGEPULL_SPEC renders as an
      # empty list rather than a list holding one null entry.
      imagePullSecrets: [ $IMAGEPULL_SPEC ]
      # Only nodes carrying this label are eligible to run a replica.
      nodeSelector:
        service.$SERVICE_NAME: allow
      containers:
        - name: $SERVICE_NAME
          image: $REGISTRY_URI/$SERVICE_NAME:$VERSION_DATA_SYNC
          env:
            # Values injected from a Secret as env vars are read once at
            # container start; changing the Secret needs a pod restart.
            - name: PUBKEY1
              valueFrom:
                secretKeyRef:
                  name: $DATA_SYNC_SECRET
                  key: pubkey1
            - name: PUBKEY2
              valueFrom:
                secretKeyRef:
                  name: $DATA_SYNC_SECRET
                  key: pubkey2
            - name: SYNC_INTERVAL
              value: "2"
            - name: TZ
              value: $TZ
          ports:
            - containerPort: 22
          resources:
            limits:
              memory: 4096Mi
            requests:
              memory: 256Mi
          volumeMounts:
            - name: archive
              mountPath: /root/.unison
            # subPath mounts of a ConfigMap or Secret are not refreshed when
            # the source object changes; restart the pod after editing.
            - name: config
              mountPath: /etc/unison.d/common.prf
              subPath: common.prf
            # /etc/ssh lives on the per-replica "etc" claim, so whatever is
            # stored there persists across restarts; write access to that
            # volume should be treated as control over the SSH configuration.
            - name: etc
              mountPath: /etc/ssh
            - name: logs
              mountPath: /var/log/unison
            - name: share
              mountPath: /var/data-sync/share
            # Customize your list of mounted volumes here
            - name: cloud
              mountPath: /var/data-sync/cloud
            - name: dos
              mountPath: /var/data-sync/dos
            - name: gitlab
              mountPath: /var/data-sync/gitlab
            - name: home
              mountPath: /var/data-sync/home
            - name: household
              mountPath: /var/data-sync/household
            - name: jira
              mountPath: /var/data-sync/jira
            - name: nexus
              mountPath: /var/data-sync/nexus
            # Private keys from $DATA_SYNC_SECRET, one file per key. Being
            # subPath mounts, they keep the old content after a key rotation
            # until the pod is recreated.
            - name: sshkeys
              mountPath: /run/secrets/data-sync-sshkey1
              subPath: sshkey1
            - name: sshkeys
              mountPath: /run/secrets/data-sync-sshkey2
              subPath: sshkey2
      volumes:
        - name: config
          configMap:
            name: $SERVICE_NAME
        # NOTE(review): no defaultMode is given, so the key files get the
        # default Secret volume mode; confirm the image tightens permissions
        # before handing them to ssh.
        - name: sshkeys
          secret:
            secretName: $DATA_SYNC_SECRET
        # Logs are written straight to the node's filesystem. hostPath
        # volumes are rejected by the Baseline Pod Security Standard, so this
        # namespace needs an exemption or a different log volume.
        - name: logs
          hostPath:
            path: $K8S_VOLUMES_PATH/sync-logs/$SERVICE_NAME
  # One claim per replica for each entry. The data claims carry a label
  # selector (volume.group: <name>) to pick the matching PersistentVolume.
  volumeClaimTemplates:
    - metadata:
        name: archive
      spec:
        accessModes: [ReadWriteOnce]
        resources:
          requests:
            storage: 500Mi
    - metadata:
        name: etc
      spec:
        accessModes: [ReadWriteOnce]
        resources:
          requests:
            storage: 500Mi
    - metadata:
        name: share
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: share
    - metadata:
        name: cloud
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: cloud
    - metadata:
        name: dos
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: dos
    - metadata:
        name: gitlab
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: gitlab
    - metadata:
        name: home
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: home
    - metadata:
        name: household
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: household
    - metadata:
        name: jira
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: jira
    - metadata:
        name: nexus
      spec:
        accessModes: [ReadWriteMany]
        resources:
          requests:
            storage: 8Gi
        selector:
          matchLabels:
            volume.group: nexus
---
# ConfigMap carrying the shared Unison profile. The StatefulSet in this file
# mounts the common.prf key at /etc/unison.d/common.prf.
apiVersion: v1
kind: ConfigMap
metadata:
  name: $SERVICE_NAME
data:
  # Everything below the "|" is file content, including the "#" lines: editing
  # it changes the data delivered to the pod, so review notes are kept here.
  #
  # - auto/batch/silent make the sync run unattended, and "prefer = newer"
  #   settles conflicts by modification time. That depends on the peers'
  #   clocks agreeing; with skew the older content can win.
  # - With batch set, confirmbigdel is documented by Unison to abort the run
  #   instead of propagating an apparent whole-replica deletion.
  # - fastercheckUNSAFE: per the Unison manual this skips full fingerprinting
  #   of newly seen files and can miss conflicts between same-length files.
  #   The inline comment records it as a deliberate performance trade-off;
  #   confirm that risk is acceptable for the synced data.
  # - owner/group = true propagate file ownership, which presumably requires
  #   the process to run as root - TODO confirm.
  # - sshargs points at /root/.ssh/data-sync.rsa, while the StatefulSet mounts
  #   the keys under /run/secrets/data-sync-sshkey1|2; presumably the image
  #   installs the key at start-up - verify against the image.
  # - NOTE(review): "ignore = Path redis/current" lacks the data-sync/ prefix
  #   the other Path entries use; confirm it matches the intended location.
  common.prf: |
    # Directives for unison
    ignore = Name .Xauthority
    ignore = Name atlassian-jira-security.log
    ignore = Name DVRWorkDirectory
    ignore = Name ldapi
    ignore = Name lost+found
    ignore = Name msg.sock
    # jenkins
    ignore = Name *KubernetesClients.log
    ignore = Name *socket
    ignore = Name .s.PGSQL.5432
    ignore = Name pgstat.stat
    ignore = Path data-sync/share/artifactory/data/data/derby/log
    ignore = Path data-sync/share/artifactory/data/logs/request.log
    ignore = Path data-sync/share/nagios/var/rw
    ignore = Path data-sync/dos
    ignore = Path data-sync/duplicati/config
    ignore = Path data-sync/gitlab/data/postgresql/data/pg_stat_tmp
    ignore = Path data-sync/gitlab/data/prometheus/data
    ignore = Path data-sync/gitlab/data/redis/dump.rdb
    ignore = Path data-sync/gitlab/data/gitaly
    ignore = Path data-sync/gitlab/logs/sshd/current
    ignore = Path data-sync/jira/home/analytics-logs
    ignore = Path data-sync/jira/home/log/atlassian-jira.log
    ignore = Path data-sync/jira/home/log/atlassian-jira-perf.log
    ignore = Path data-sync/jira/home/monitor/ConnectionPoolGraph.rrd4j
    ignore = Path data-sync/jira/home/monitor/DatabaseReadWritesGraph.rrd4j
    ignore = Path data-sync/jira/home/plugins/.osgi-plugins/felix/felix-cache
    ignore = Path data-sync/jira/logs
    ignore = Path data-sync/nexus/db/accesslog
    ignore = Path redis/current
    ignore = Path data-sync/samba-dc/var/lib/winbindd_privileged/pipe
    ignore = Path data-sync/syslog/log/messages
    ignore = Path data-sync/syslog/log/secure
    ignore = Path data-sync/nexus/elasticsearch
    ignore = Path data-sync/nexus/log/nexus.log
    ignore = Path data-sync/nexus/log/request.log
    auto = true
    batch = true
    confirmbigdel = true
    copythreshold = 10000
    copyquoterem = false
    # SYS-400 overall performance is absolutely awful without this
    fastercheckUNSAFE = true
    group = true
    owner = true
    times = true
    prefer = newer
    silent = true
    sshargs = -i /root/.ssh/data-sync.rsa
    logfile = /var/log/unison/unison.log